Security update for phpMyAdmin (moderate)

2018-12-14T18:10:09
ID OPENSUSE-SU-2018:4124-1
Type suse
Reporter SUSE
Modified 2018-12-14T18:10:09

Description

This update for phpMyAdmin fixes security issues and bugs.

Security issues addressed in the 4.8.4 release (bsc#1119245):

  • CVE-2018-19968: Local file inclusion through transformation feature
  • CVE-2018-19969: XSRF/CSRF vulnerability
  • CVE-2018-19970: XSS vulnerability in navigation tree

This update also contains the following upstream bug fixes and improvements:

  • Ensure that database names with a dot ('.') are handled properly when DisableIS is true
  • Fix for message "Error while copying database (pma__column_info)"
  • Move operation causes "SELECT * FROM undefined" error
  • When logging with $cfg['AuthLog'] to syslog, successful login messages were not logged when $cfg['AuthLogSuccess'] was true
  • Multiple errors and regressions with Designer